Configure SAP Trusted & Trusting System

SAP systems may establish trusted relationships between each other. If a calling SAP system is known to the called system as a trusted system, no password needs to be supplied. The calling SAP system must be registered with the called SAP system as a trusted system. The called system is called the trusting system.

Trust relationships between SAP systems have the following advantages:

• Single Sign-On is possible beyond system boundaries.
• No passwords are transmitted in the network.
• Timeout mechanism protects against replay attacks.
• User-specific logon data are checked in the trusting system.

Using this feature, you can create a virtual SAP system consisting of various SAP systems that are called remotely. Remote logon data are checked in the trusting system. The trust relationship is not mutual, which means it applies in one direction only. To establish a mutual trust relationship between two partner systems, you must define each of the two as a trusted system in its respective partner system.

On Trusting System

1. Log on to the trusting system. Create an ABAP RFC connection to the destination. You can view the steps at https://itsiti.com/create-abap-rfc-connection. It is important that the option ‘Trusted System’ is not set to active for this destination (Security Option Trusted System = No).

2. Execute transaction code SMT1. Click on the Create icon to set up a new trusted system. In the dialog window, enter the destination for the remote system.

3. All the necessary information will be supplied automatically. You can also restrict the validity period of the logon data in the Validity period field.

4. Verify that the authorization object S_RFCACL is applied to the user. The check can be performed via function module AUTHORITY_CHECK_TRUSTED_SYSTEM using transaction code SE37.
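
Beyond confirming that S_RFCACL is assigned (step 4), it is worth reviewing which callers its values admit. The following is an added example, not part of the original page: it assumes the S_RFCACL authorizations were exported as CSV with hypothetical columns user, auth, field, value. The field names are those of the S_RFCACL object; the sample rows and user names are constructed.

```python
import csv
import io
from collections import defaultdict

# Constructed sample: one row per field value of an S_RFCACL authorization.
# The column layout (user, auth, field, value) is an assumed export format.
SAMPLE_EXPORT = """user,auth,field,value
BATCH_PRD,Z_RFCACL_01,RFC_SYSID,PRD
BATCH_PRD,Z_RFCACL_01,RFC_CLIENT,100
BATCH_PRD,Z_RFCACL_01,RFC_USER,
BATCH_PRD,Z_RFCACL_01,RFC_EQUSER,Y
BATCH_PRD,Z_RFCACL_01,ACTVT,16
SUPPORT01,Z_RFCACL_02,RFC_SYSID,*
SUPPORT01,Z_RFCACL_02,RFC_CLIENT,*
SUPPORT01,Z_RFCACL_02,RFC_USER,*
SUPPORT01,Z_RFCACL_02,RFC_EQUSER,N
SUPPORT01,Z_RFCACL_02,ACTVT,16
"""

# Fields that identify who may call in over the trust relationship.
CALLER_FIELDS = ("RFC_SYSID", "RFC_CLIENT", "RFC_USER")


def load_authorizations(text):
    """Group rows into {(user, auth): {field: [values]}}."""
    auths = defaultdict(lambda: defaultdict(list))
    for row in csv.DictReader(io.StringIO(text)):
        auths[(row["user"], row["auth"])][row["field"]].append(row["value"].strip())
    return auths


def audit_rfcacl(text):
    """Return findings for authorizations whose caller fields contain '*'."""
    findings = []
    for (user, auth), fields in sorted(load_authorizations(text).items()):
        wild = [f for f in CALLER_FIELDS
                if any("*" in v for v in fields.get(f, []))]
        if not wild:
            continue
        # RFC_EQUSER = N: the caller need not have the same user ID, so a
        # wildcard RFC_USER lets any calling user log on as this user.
        any_user = "RFC_USER" in wild and "N" in fields.get("RFC_EQUSER", [])
        findings.append({"user": user, "auth": auth, "wildcards": wild,
                         "severity": "high" if any_user else "medium"})
    return findings


if __name__ == "__main__":
    for finding in audit_rfcacl(SAMPLE_EXPORT):
        print(finding)
```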

On Trusted System

1. Log on to the trusted system, where you can obtain a list of all trusting systems. Execute SMT2 to display the list of trusting systems. Click on the name of a trusting system to display the application servers of that system. The application server names contain the suffix _TRUSTED. Double-clicking the name of an application server displays a dialog box in which you can enter the transaction that you want to execute in the trusting system. You can also specify whether the transaction is to be executed in the same session or in a new one.
